Check Point CEO Shwed On Hiring Frank Rauch, Why Mobile Security Is Overlooked, And The 'Need To Do Much, Much Better' With The Channel

Putting The Channel Front And Center

Check Point CEO Gil Shwed said the recent hiring of Chief Customer Officer Dan Yerushalmi and VMware channel superstar Frank Rauch are the first steps in a company-wide effort to recommit to partners.

Under Yerushalmi and Rauch, Shwed said Check Point is building out an incentive programs that rewards partners for activities such as meeting new customers, speaking with C-level executives, and doing joint road shows. Shwed also urged solution providers to achieve an understanding of the entire security architecture rather than just a product or two.

From a technology standpoint, Shwed address while mobile security is so simple yet so overlooked, and how partners can better assist their customers in the healthcare and financial services spaces, and why customers who focus exclusively on detection and response do so at their own peril.

Read on to learn what Shwed believes partners need to invest in during 2019.

Why did you bring Dan Yerushalmi and Frank Rauch (pictured) over to Check Point?

We have plenty of opportunity to grow our go-to-market strategy. The market opportunity is huge, and the more we do, and more we'll get. When I brought Dan to Check Point, he was brought in May to start heading strategic sales and finding ways to expand. And then he was promoted to the chief customer officer, which is a position we didn't have before but it's taking over all the customer and sales aspects of the company, which I think is the right move. With Frank, I think we realized that we've built this business on the partner community and on channels, and we realized that we need to do much, much better there. We need to regain our focus on the channel. We need to regain the channel's attention to what Check Point has to offer, and that calls for somebody very senior that understands that environment and dedicates all their time to make that happen. So that's why we brought on Frank.

What does Check Point need to do to regain its focus on the channel?

First and foremost, it's simply working together. Partnership is not just about programs and systems and so on. It's mainly about people working together. Part of the focus is refocusing on our people every time you work with a customer or you work with a partner too. And vice versa. When we have an initiative to go and provide more solutions, let's not do it on our own. Let's call on our channels and ask for their help. And alongside that, we also will be launching new programs that do that.

What will these new programs be focused on?

The focus of these programs will be about the joint activities. In many, many programs you do with salespeople or you do with partners, everybody's focusing on the financial aspects and the end results. Guess what? When we're getting to the end results, that usually means that we've done the right job. The issue is how to get there. The issue is what should we do together. So we will be launching here the new Check Points Partner Program. That's a new method of addressing partners, not focusing on what you've achieved, but focusing on what we are doing to work together. Let's go meet new customers. Let's go meet C-levels. Let's go meet the right people. And if we do that, my assumption is that we'll have amazing results together with the partners.

Why is it important to focus on joint activities with partners rather than results?

That's true to all of us as human beings. We said we want to get rewarded on the results. Guess what? Those who know how to generate the results generate results. For those who don't, putting a bigger reward just gets them more frustrated, because why aren't they getting the reward? The general management challenge is to not just tell people where they need to be. It's to tell them how to get there. I think we need to help ourselves and our partners get to this point of providing better security to more customers. And that's the joint activities. Let's do joint road shows, let's do joint meetings, let's present new technologies. These are the activities that if we will do them, we will get these prizes. And we will get these prizes. We will get the reward. But first we need to change the daily action. I mean, nobody is going to buy mobile security unless I'm going to demonstrate it to them.

What other improvements and enhancements should Check Point partners be watching for?

I think it'll be much more joint working together with our people. I think it'll be more demanding from our partners to see that they are doing what we believe is right for the customers, which is promoting technologies that will take them to Gen V, which is trying to address the architectural issues that customers have. And I think we will demand this from ourselves, and we will demand this from our partners to focus on these areas.

Do you feel that customers in the cloud and SaaS space benefit from a deal referral program?

In general, we're doing 100 percent of our sales and 100 percent of our procurement through the channel. We're not going to change that. There are areas that might need to be revisited, like when you buy things directly on the Amazon store, and we still want to have the partners as a big part of it. We still want to have the partners involved even on those deals when the fulfillment model may be different.

Is there an expectation from customers to get cloud products in more of a self-service model?

The self-service is what may be changing. I know that we want to keep the partners as an important part of it, even if the fulfillment model is different.

What role will the partners have in a transaction that's more self-service or marketplace based?

I think the value of the partners is not in the fulfillment. That's where we tend to get into trouble, because the value of fulfillment is not very high. The high value is in helping the customer understand what they need, by architecting the solutions, by helping them build that. And by the way, there's plenty of need to do that on the cloud. The cloud is not a simple environment. It's definitely not an environment where the customers know or are familiar with. So the role of the channel is to get the additional architectural advice and the additional services. And by the way, that's generally how the channel has shifted very well over the past two decades.

What's the biggest change you've seen in the channel since founding Check Point?

Two decades ago, you depended on the channel to know which products exist. Remember, before the internet, you didn't know which products existed. You had the local rep, and they told you which products are available. Today, you know all of the information. All of the information is available. You actually need more advice. Because so much information is available, you need somebody who can tell you what their experience has been in deploying certain solutions, what other people like you are doing, give you the services and outsource some of the job. And I think, by the way, the channel has evolved extremely well in that model.

What investments should the channel be making to make themselves more valuable to Check Point?

One is to always get knowledgeable about the latest technologies and the latest architecture. Understanding the Infinity architecture. Understanding what it's like to secure an entire enterprise rather than installing a firewall or upgrading network security. But the main one is simply taking the challenge, which I think most partners do, and going and bringing that message to the C-level, to the CIOs and CISOs of our customers, and showing them the different architectures that we can provide to them. And I think that's the number one priority that I have. Go to new customers, go to existing customers, and go to the C-level, which can actually see the bigger picture. Don't stay at the individual product level, which we do quite well and will do more. See the bigger picture, and see what bigger portions of the architecture we can solve and help the customers use.

What are the biggest holes and gaps you see in the market around mobile security today?

Today, the percentage of ppl using real anti-malware software on their mobile phone is a tiny fraction of a single percent. Basically, by hacking into this device, you can hack into everything in business and in life that follows us. Everybody knows that, but few people are doing anything about it. And that's really, really scary. We find a lot of malware in mobile devices. When you think about the reach that these devices have, they follow us 24/7, they see everything we see, that's something we should worry about a lot.

Why hasn't mobile security received the attention it needs to?

I think it's a combination. It's mainly the awareness of the customers. It's somewhat also the vendors, the two main vendors of the operating system of the mobile devices, they are trying to present their platform as very secure and downplay the need for security. They're doing a good job in keeping the platform secure, but as much as they're doing a good job, there's still a lot of vulnerabilities in these platforms.

How can Check Point add security that goes above and beyond what the platform is doing?

We have technologies that will check the application you're running and let you know which application is malicious. We have technologies that I can access a malicious website that might infect me or do any other thing like that. I will prevent that access. It's all part of our SandBlast mobile product. We're accessing a network that's spying on me. Another way to hack into it is to put a fake, rogue WiFi access point that will take my traffic and spy on me. We can detect these kinds of access points and block their access. All of these things we are doing inside our software today.

What do partners need to do in order to help customers with mobile security?

Mobile is the easiest technology to understand, to experiment, and to deploy. We need to install an app. It's very, very simple. Unlike, for example, what our partners do - and do amazingly well - is re-architecting the network and getting into the mission-critical data puffs on a very fast network, which is by the way very challenging. Mobile is very simple. You need to put the dashboards, send people quotes and say 'download this app,' and in a few minutes, you've got the installation up and running. I think what people have to understand that it is a very, very important task that we have to secure this environment, and that's going to be a very big opportunity from a market perspective. So whoever is doing that will win one of the next waves of security. And whoever is not doing that is leaving the field open to other channels or other companies that will take that market. And again, it's so simple. When I go to a meeting, it's just 'here's the product.' I don't need to set up a group of three security engineers that will create a complicated environment. It's so simple.

How much attention has been given to prevention rather than detection and response?

Not enough. There are a lot of startups and a lot of companies that speak about detection. You see it all the time. And that resonates a lot with how people are used to dealing with, about 'let's collect the information and analyze the information' and so on. Analyzing the information and knowing six months from now that you were infected six months ago leaves you in big trouble. What you need to do is simply block the bad things from getting into the network. And all that discussion about analytics and big data and all of these technologies is important if you can do immediate prevention. All the long-term things people are spending way too much energy on are [only] important as long as you can do the prevention first.

Why is so money flowing into the detection and response space then?

First, it's human nature. If you look at the physical space, people are saying 'let's detect something.' Let's say we have a security camera, even an alarm. An alarm doesn't stop the burglar, an alarm calls for help. Now in the physical world, we can react at the relative speed to the attacker. Because we are human, we can react at speeds where we can be effective. In cyberspace, we take the same principals, but we can't. Because in cyberspace, if we get an alert and we can react in a day or we can react in 10 minutes, that's too late. The damage has already been done. And that's what people sometimes remember. We take a lot of the ideas from our conventional life and we try to apply them to cyber.

How do you make prevention more than shooting blindly in the dark?

I think prevention relies on very sophisticated matters, but it also relies on the fact that you'll actually take action, and that's the difference. As opposed to just seeing what's going on and then letting somebody else do the job, you need to do the job immediately. And there are things there that are inherently in the technology itself. How to get higher levels of accuracy? And how to do better detection? So that's one side of prevention. But the other side of prevention is really being where you can stop the attack.

How does this work in real life?

If I'm getting an infected file by email, most solutions in the industry will transfer the file and let you know 10, 20 minutes or a half-hour later that the file you just received was infected. That's too late. Our solution is engineered very, very differently so we will be able to scan the file much more quickly and transfer it only if it's clean. Now even that takes a minute or two. And sometimes that's too much time. You don't want to wait two full minutes, or five minutes to get a file. So what we'll do is develop a new technology that we call threat extraction, where we will take the file and convert it to a different format. And this way, by the way, we killed 100 percent of the malware. And now, we will analyze it in the background. And once you've built all that infrastructure, you get to a place where you can actually do prevention because you know that every file that you're getting is actually a clean file.

How well or poorly do you feel the industry has addressed the unique challenges the healthcare field has?

I think it's less of the cyber industry. It's more of the healthcare industry. The healthcare industry is doing very important things for our world, but their IT awareness is relatively low. Their IT budgets are also relatively low. Unlike most other enterprises that use relatively simple IT equipment – computers, servers, and so far – in a hospital there's tons of different devices, and they're all getting connected. So the combination is quite challenging. And even the awareness of the staff at the hospital is very low in comparison with the risks of connecting to the network and so on.

What should channel partners by thinking about in healthcare environments to make sure more secure?

The channels can do greatly in that environment. Because when you go and explain the technology. All of the hospital managers that I met are were much aware and very much concerned about it. What we didn't know is how to deal with it. We are starting now to come up with solutions that are tailored to these needs, like things that can go on specific medical devices and turn a machine that's not secure into a secure one without changing the machine itself, which we cannot do. Basically connect the entire hospital in a secure manner. I think that needs a lot of guidance and a lot of hand-holding and a lot of services from the local channel partners.

What are the unique challenges for the financial services area?

When people break into the bank, what's the reason for that? It's because that's where the money is. That's why is a target. It's a prominent target, it's well-known names, and so on. From a security standpoint, it's a relatively simple environment from an IT perspective because it's relatively uniform, there's not too many types of devices, and so on. But there are big companies, and the big companies are complicated, and there is a lot of data, and the data can be used to steal money or do other things. So financial services have been some of the bigger investors in cybersecurity, which still doesn't mean they're fully protected. There's still a lot of work to be done there as well.

Why do you feel consolidation is so important at this stage of cybersecurity?

It's pretty much impossible for an enterprise to go and find dozens of different technologies and different vendors, and try to build something on their own. Even if you deploy dozens of different technologies, they don't actually work together. We must simplify it, and we might make all of these technologies that are important really approachable and accessible to everyone. And the only way to do it is through consolidating.

What are the biggest services customers are looking for from a vendor like Check Point?

When you get some connection or some file, you need to know if it's safe or not, and you need to accept it or reject it. Today, people are more focused on 'How do you do that?' than on 'Do you do the job that needs to get done?' When you try to analyze a file, there's at least eight different technologies that need to be applied. The service you want is that someone else will find out the best technologies, find out the most comprehensive one, and just tell you that the file you got is a clean file or the file that you got is a malicious file. And not just tell you that, but also stop the file. That goes to the prevention element of the equation.

What are you doing within Check Point to build up this services muscle?

We've already built in what you'd call the software blade architecture, which allows you to get many different technologies and choose how to activate them together. Right now, we're basically taking these technologies and newer technologies and moving them into a cloud environment, an environment where this is provided as a service not just for network traffic, not just for the gateway, but provided to any computing entity that needs to be secure. And that's the revolutionary architecture that I think is changing now.

Why is Maestro so important for Check Point and its partner community?

One of the things that prevents people from deploying more and more threat prevention is the fear that performance is going to be an issue. We struggle with every year, or every 2-3 years, someone is trying to sell you your whole infrastructure from scratch. And huge machines that are not scalable anymore. And that's what scares people sometimes from using the most advanced threat prevention. With Maestro, we are actually reversing that trend. We're saying 'if you buy two boxes today, they actually work twice as fast as one box. You add the third one, you get extra. It works three times as fast.'

Why is this so important?

Basically your scalability is almost unlimited there. And so you get the scalability, you get the reliability by the way. The way it's architected is that you get resiliency, so that if you have three boxes working and one has an error, the other two continue and take all the load. If you have seven in one phase, you still continue on the load. So we actually get systems that are extremely reliable. Having unlimited scalability gives you an investment protection so you don't worry about whether what I buy now should be enough for the next three years, five years, or seven years. You buy what you need now, and if next year you need more, you expand. And that's a value proposition that people are looking for.

Is there anything else you would like partners to know?

Partners remain very, very important to us. You see here that we have a record level of partner attendance at CPX. We're getting them more involved. I think you can see that the way we treat partners is like our employees. Tuesday and Wednesday are the customer days here where our customers and our partners are here. And Thursday is our internal day, and that internal day includes the partners.